funsec mailing list archives
Re: Congressman Ed Markey Wants Security Researcher Arrested
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Sat, 28 Oct 2006 12:56:28 -0400
Until he attempts to use one, it isnt fraud, its art. Money and official documents are different. They have legislation protecting them. I dont think airline tickets have the same protection, but I could be wrong -JP On 10/28/06, Kevin Johnson <kjohnson () secureideas net> wrote:
On Oct 27, 2006, at 11:24 PM, Nick FitzGerald wrote: Larry Seltzer wrote: I know this makes me a fascist around here but this bothers me a lot. He's facilitating fraud, and the fact that he himself says they're not good enough to get you on a plane makes me doubt the value of his research. Suppose he was making software to print $100 bills. Is that OK because it shows weaknesses in the currency? And if he or anyone else uses these they definitely should be busted. Then I guess we need more fascists. ; ) I think you've missed the point... I don't think Larry did. I think his comment was toward the act not the system. _If_ these forgeries are good enough to get through initial (usually just the briefest of eye-balling and often kerbside) screening _AND_ that opens the whole system up to some much bigger threat _THEN_ the whole system is totally borked from tip to toe. snip In no way does this contradict what Larry said. I think it may be a little extreme saying it is totally borked, but forgeries are an issue that all systems need to take into account. If the system doesn't, then that needs to be fixed. _IF_ the current system cannot filter out those carrying fake boarding passes, _THEN_ the current system _IS BROKEN_. snip Again, I don't think Larry or myself disagree with this. Yes, what he's doing is technically fraud, but to even suggest it begins to equate with forging $100 bills is reactionary nonsense. Actually I think the two are very similar. Fraud is fraud. Saying something is technically fraud is the same as saying your girlfriend is slightly pregnant. It either is or it isn't. I personally have no problem with someone generating a single fake ticket that was only there to show that a fake was possible. Mark it as fake and make your point. But putting up a site that generates the tickets is to far. I think that we as an industry allow people way to much leeway when they assign themselves the title security researcher. Thanks Kevin --------------------- GCIA, GCIH BASE Project Lead http://base.secureideas.net The next step in IDS analysis! _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Congressman Ed Markey Wants Security Researcher Arrested Fergie (Oct 27)
- Re: Congressman Ed Markey Wants Security Researcher Arrested Drsolly (Oct 27)
- Re: Congressman Ed Markey Wants Security Researcher Arrested Nick FitzGerald (Oct 27)
- <Possible follow-ups>
- Re: Congressman Ed Markey Wants Security Researcher Arrested Gregory Hicks (Oct 27)
- Re: Congressman Ed Markey Wants Security Researcher Arrested Drsolly (Oct 27)
- RE: Congressman Ed Markey Wants Security Researcher Arrested Larry Seltzer (Oct 27)
- RE: Congressman Ed Markey Wants Security Researcher Arrested Nick FitzGerald (Oct 27)
- RE: Congressman Ed Markey Wants Security Researcher Arrested Larry Seltzer (Oct 28)
- Re: Congressman Ed Markey Wants Security Researcher Arrested Kevin Johnson (Oct 28)
- Re: Congressman Ed Markey Wants Security Researcher Arrested Dude VanWinkle (Oct 28)
- RE: Congressman Ed Markey Wants Security Researcher Arrested Larry Seltzer (Oct 28)
- Re: Congressman Ed Markey Wants Security Researcher Arrested Dude VanWinkle (Oct 28)
- Re: Congressman Ed Markey Wants Security Researcher Arrested Drsolly (Oct 27)
- Re: Congressman Ed Markey Wants Security Researcher Arrested Dude VanWinkle (Oct 27)